From 26197cec6e8cebca334ae99d72d93a692385eb6d Mon Sep 17 00:00:00 2001
From: Brendan Golden
Date: Thu, 20 Jul 2023 22:05:46 +0100
Subject: [PATCH] skynet: finally setting up skynet
---
flake.nix | 3 +++
machines/skynet.nix | 58 +++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 61 insertions(+)
create mode 100644 machines/skynet.nix
diff --git a/flake.nix b/flake.nix
index 2881cb3..5c8f0b1 100644
--- a/flake.nix
+++ b/flake.nix
@@ -86,6 +86,9 @@ # backup 1 neuromancer = import ./machines/neuromancer.nix; + # Skynet + skynet = import ./machines/skynet.nix; + }; };
diff --git a/machines/skynet.nix b/machines/skynet.nix
new file mode 100644
index 0000000..c769fc5
--- /dev/null
+++ b/machines/skynet.nix
@@ -0,0 +1,58 @@
+/*
+
+ Name: https://en.wikipedia.org/wiki/Skynet_(Terminator)
+ Why: Skynet is eternal
+ Type: VM
+ Hardware: -
+ From: 2023
+ Role: Webserver and member linux box
+ Notes:
+
+*/
+
+{ pkgs, lib, nodes, ... }:
+let
+ # name of the server, sets teh hostname and record for it
+ name = "skynet";
+ # DMZ that ITD provided
+ ip_pub = "193.1.96.165";
+ ip_priv = "193.1.99.79";
+ hostname = "${name}.skynet.ie";
+ hostname_int = "${name}_int.skynet.ie";
+
+in {
+ imports = [];
+
+ deployment = {
+ targetHost = hostname_int;
+ targetPort = 22;
+ targetUser = "root";
+
+ tags = [ "active" ];
+ };
+
+ # it has two network devices so two
+ skynet_dns.records = [
+ {record=name; r_type="A"; value=ip_pub; server=true;}
+ {record="${name}_int"; r_type="A"; value=ip_priv; server=true;}
+
+ {record=ip_pub; r_type="PTR"; value=hostname;}
+ {record=ip_priv; r_type="PTR"; value=hostname_int;}
+ ];
+
+ services.skynet_backup = {
+ host = {
+ ip = ip_pub;
+ name = name;
+ };
+ };
+
+ # allow more than admins access
+ services.skynet_ldap_client = {
+ groups = [
+ "skynet-admins-linux"
+ "skynet-users-linux"
+ ];
+ };
+
+}
\ No newline at end of file
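Review bot: `targetUser = "root";` in the `deployment` block of machines/skynet.nix makes every deploy depend on direct root SSH login, on a host whose header gives its role as "Webserver and member linux box" and which this file opens to `skynet-users-linux`. Nothing in the hunk shows how sshd is restricted, so the setting deserves a comment stating the assumption once it is confirmed, for example `# root SSH is used for deploys only; confirm it is key-only and not reachable via ip_pub`. If the deployment tool allows it, an unprivileged deploy account that escalates with sudo would remove the need for root login altogether. The comment `# allow more than admins access` could also say what the extra group may do (presumably shell without sudo), and it is worth noting beside `ip_priv` that 193.1.99.79 is not an RFC 1918 address, so "private" here depends on filtering that this file does not show.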